Davey Winder's Blog

Google quickly stomps on Orkut worm

By Davey Winder in Editorial

Posted in Blog, Facebook, Security, Google, Uncategorized on December 24, 2007 at 11:19 am


Talk about social networking sites and you probably think Facebook, MySpace and possibly LinkedIn. The chances are, unless you happen to be Brazilian, the Google social networking offering Orkut has managed to evade your radar altogether. Orkut is, however, hugely popular in Brazil and that


The strange tale of a ladyman and your data

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on December 18, 2007 at 12:06 pm


Here we go again.

This time it is the Driver and Vehicle Agency in Northern Ireland that has been playing fast and loose with your data, or at least that of some three million would-be drivers whose details have gone missing. This time the data disappeared not in transit between a couple of government departments in the UK, but somewhere in Iowa, apparently. According to a statement by the Transport Secretary, Ruth Kelly, the data was sent electronically to an outfit called Pearson Driving Assessments in Iowa, US, one has to assume for processing purposes, and the hard drive containing the names, addresses and telephone numbers of those applicants was then passed off to someone at some company (the details are far from clear as to who or why) in another state before getting lost either on the way back or on arrival in Iowa.

It should come as no surprise that all this happened back in May, or that the government knew about it in June when the then transport minister was informed but deemed it not important enough to worry the public about. The transport minister at the time was one Stephen Ladyman, which is ironic because I always think of Ruth Kelly as being something of a manlady. However, that’s another story entirely.

Back to the main plot then.

Once again this has to come not so much as a wake-up call, but rather a bloody great slap in the face, for any business which handles data: get your finger out and ensure there is a proper policy in place for the encryption of that data whenever it is being moved. If the government had considered our personal information valuable enough to encrypt before throwing it in the internal mail system or chucking it at some company in Iowa, then there would have been much less of a scandal to get heated about. Yes, we could still have got hot under the collar about process and procedural failings, but at least the data would have been worthless to whoever ended up with it.

That said, the whole ‘use encryption you idiot’ debate does throw up another interesting aside: what happens if you lose the key that unlocks your own data?

Geoffrey Finlay, CEO of nCipher puts it quite nicely when he says “encryption is a powerful tool, but getting it wrong can at best result in a false sense of security and even worse leave data scrambled for ever - the equivalent of a corporate document shredder. A well-planned deployment of encryption, supported by strong key management and access controls will eliminate further HMRC, DVA and Driving Standards Agency catastrophes and result in better protected data that is available to the right people at the right time. The idea of end-to-end encryption may still be a long way off but cryptography is increasingly playing a vital role as the last line of defence.”

And that means both encryption and key management have to be a must-have for all organisations with sensitive data, end of story…
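The two halves of that argument, encrypt before the data moves and keep hold of the key, can be shown in a few dozen lines. The example below is added here and is not code from the post or from nCipher; it uses only the Python standard library, so an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for the AES-GCM a real deployment would use, and the applicant records, the data-encryption key (DEK) and the key-encryption key (KEK) are all constructed placeholders. The point it demonstrates is the one Finlay makes: a lost disk of ciphertext is worthless to the finder, a lost DEK is still recoverable if a copy was wrapped under a KEK that never travelled, and with neither key the data really is shredded.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed sample of the kind of records the post describes (not real data).
SAMPLE_RECORDS = (
    b"name=A. Applicant;addr=1 Example Road, Belfast;tel=028 0000 0000\n"
    b"name=B. Applicant;addr=2 Example Road, Derry;tel=028 0000 0001\n"
)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 run in counter mode as a keystream generator
    # (standard-library stand-in for AES-GCM; assumption, not the post's method).
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC. Output layout: nonce (16) || ciphertext || tag (32)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag first; only then undo the keystream."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def package_for_transit(records: bytes, kek: bytes) -> tuple[dict, bytes]:
    """Encrypt the records under a fresh DEK and ship the DEK alongside them,
    wrapped under a KEK that stays at home (escrow copy for key loss)."""
    dek = secrets.token_bytes(32)
    package = {
        "data": encrypt(dek, records, aad=b"records"),
        "wrapped_dek": encrypt(kek, dek, aad=b"dek-wrap"),
    }
    return package, dek


def recover(package: dict, dek: bytes | None = None, kek: bytes | None = None) -> bytes:
    """Recover with the DEK directly, or with the KEK by unwrapping the DEK first."""
    if dek is None:
        if kek is None:
            raise KeyError("no DEK and no KEK: the data is as good as shredded")
        dek = decrypt(kek, package["wrapped_dek"], aad=b"dek-wrap")
    return decrypt(dek, package["data"], aad=b"records")


def demo() -> dict:
    """Walk the scenarios from the post and report the outcome of each."""
    kek = secrets.token_bytes(32)
    package, dek = package_for_transit(SAMPLE_RECORDS, kek)
    results = {}
    # The disk goes missing: does the package leak any record to whoever finds it?
    results["ciphertext_leaks_plaintext"] = SAMPLE_RECORDS.split(b";")[0] in package["data"]
    results["with_dek"] = recover(package, dek=dek) == SAMPLE_RECORDS
    results["with_kek_only"] = recover(package, kek=kek) == SAMPLE_RECORDS  # DEK lost, KEK kept
    try:
        recover(package)
        results["no_keys"] = "recovered"
    except KeyError:
        results["no_keys"] = "unrecoverable"
    try:
        recover(package, dek=secrets.token_bytes(32))
        results["wrong_key"] = "recovered"
    except ValueError:
        results["wrong_key"] = "rejected"
    flipped = bytes([package["data"][20] ^ 1])  # flip one ciphertext bit in transit
    tampered = dict(package, data=package["data"][:20] + flipped + package["data"][21:])
    try:
        recover(tampered, dek=dek)
        results["tampered"] = "accepted"
    except ValueError:
        results["tampered"] = "rejected"
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

Two design choices matter more than the cipher: the DEK is per-shipment, so one recovered key unlocks one package rather than every package ever sent, and the KEK is the thing the organisation actually has to manage (backed up, access-controlled, never on the same disk as the data). Authenticated encryption is what turns a quietly corrupted or doctored package into a loud rejection instead of garbage that looks like records.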


State-of-the-art attack fleeces banks of millions

By Davey Winder in Editorial

Posted in Security on December 15, 2007 at 1:32 pm


I know, I know, the whole bank gets targeted by the online bad guys routine is starting to wear a little thin when it comes to the exciting news stakes at least, but bear with me. Most of the time you will just read about phishing scams which might be successful in relieving the gullible of a few quid from their personal bank accounts, but rarely do the more sophisticated attacks which target high-roller corporates make the headlines. Not least because both the banks and those corporates would much rather you did not read about how they lost money and run the risk of you losing trust in them.

Assuming anyone trusts banks any more, given the whole credit crunch and Northern Rock fiascos.

However, when it comes to the Prg Trojan the excitement levels rise a tad, as this is apparently managing to remove millions of corporate dollars from bank accounts around the globe with spectacular ease. Prg itself is nothing new; it was first identified six months ago, but since then it has morphed and evolved into something that goes beyond what we have come to expect of man-in-the-middle attacks to date. This particular variant is clever enough to perfectly mimic pre- and post-authentication procedures, following every step that the real user would take, and following them directly to the money itself.

It all starts in the same way as most attacks, with victims being infected via email and website links which install a generic Trojan to steal data by copying everything entered in a browser window to a compromised server. This data is then analysed and filtered, and any signs of commercial banking transactions of any decent size are noted. This identifies the best victims to target with spear phishing techniques, used to get the Prg Trojan installed by masquerading as a new security token, for example. Now everything that the victim does with their bank online is carefully scrutinised, with the Trojan learning to simulate online transactions, transfers and payments. The criminals are alerted by the Trojan when it has enough data to be able to do all this successfully, and when the victim starts any transaction. The criminal can then perform the man-in-the-middle attack by piggybacking the session and compromising the entire account. More often than not the attackers will not even know the victim's username, let alone password. Neither is needed because the software handles all of that.

The really clever part is that it leaves very little in the way of an audit trail or signature to follow. It simply simulates all the keystrokes, in the right order, and visits all the bank pages, in the right order, exactly as if it were the customer themselves.

Reports suggest that as many as 20 banks across the US and Europe have already fallen victim to the new Trojan variant, with attacks originating in data centres in Moscow and Mumbai. Security researchers even reckon they know who is behind the sophisticated crimewave, a Russian group known as UpLevel and their associates in Germany. As many as 10,000 corporate victims are thought to have had their accounts compromised.

Actually, it is wrong to think of the companies as being the victims here: it is the banks and ultimately all of us that will pay. The banks give the money back to the large corporates, whose business they do not want to lose, and end up recouping that loss through higher account fees etc.


A quarter of all email includes a vicious link

By Davey Winder in Editorial

Posted in Data Protection, Blog, Spyware, Spam, Security on December 10, 2007 at 12:56 pm


That is the perhaps unsurprising warning contained in the MessageLabs Intelligence 2007 Security Report, which was published today. In a double whammy of bad news, MessageLabs warn that spam is the most dominant menace on the IT security agenda, with spam levels reaching a whopping 84.6 percent across the course of the year, plus of course the fact that 25 percent of email comes complete with a malicious link to take you directly to something very nasty indeed.

Perhaps the most worrying bit of this is that it is a trend that has stormed along, every pun intended because the Storm botnet attacks have played a huge part in the statistics, with only 3 percent of email-borne viruses containing malicious links at the start of the year. To be honest, I find that figure rather low in any case. My mailbox would suggest, from both the malicious link emails I get and the messages from folk who have received them, the problem has been rife for some time. Still, this trend towards malicious links does serve to demonstrate that virus writers are continuing to develop strategies to distribute malware.

MessageLabs also flag up the dangers of social network targeted threats during 2007, warning that these could increase in 2008. Certainly during 2007 there were several significant waves of such targeted attacks which appeared on the radar. Indeed, the report suggests that levels rose from one attack per day in 2006 to more than 1,100 over a 16 hour period during September 2007. The most recent wave was in November, when the first sector-specific attack took place, with almost 1,000 individual attacks aimed at the financial sector.

Looking at the year by the numbers, the report comes up with the following to brighten your day:

MessageLabs identified an average of 1,253 new web sites per day harboring malware, which equates to almost half a million new malicious web sites appearing throughout the year.

The average virus level for 2007 was 1 in 117.7 emails (0.8 percent), which reflects a fall of 0.6 percent since 2006, when levels averaged 1 in 67.9 emails.

The number of phishing attacks rose to 1 in 156 emails across 2007, compared to 1 in 274.2 emails in 2006.


Chinese whispers as government implicated in UK hack attacks

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security, Internet on December 4, 2007 at 3:48 pm


It’s all very hush hush, of course, but reports are circulating that the Director General of MI5 has within the last few days sent a ‘confidential’ letter to as many as 300 bank CEOs and security execs, accountants and legal firms across the UK. The letter apparently warns them that they are ‘under attack’ from Chinese state organisations. As a direct result of this leaked missive, security experts Finjan have taken the unusual step of making the interim results of a study public despite only being half way through the actual thing.

Although the full details of the study are to be revealed later in the month, Finjan researchers have been mapping how PCs are being infected by Trojans distributed from China, the payload being theft of data from organisations, of course. Finjan’s Malicious Code Research Center (MCRC) has detected malicious activity by groups that distribute their content using obfuscated code and a network of websites to bypass traditional information security technology.

Some of the attacks were of the sophisticated zero-day variety, so there was no patch to protect the victims, and I am led to believe that a number of new hacking techniques have been identified.

I am also informed that Finjan discovered a centralized group of such hacking activity based out of China, with one of the websites concerned belonging to a Chinese governmental office no less.

“This development is disturbing for governments, enterprises and individuals alike,” Finjan CTO Yuval Ben-Itzhak says. “Signature-based technologies like anti-virus and URL filtering are limited against this type of attack; the number of vectors and sophisticated structure of the network of websites has been designed to by-pass traditional information security technology based on signatures and URL filtering. To defend against this type of attack security solutions need to employ real-time content inspection technology that analyzes each and every piece of web content in real-time, regardless of its original source or domain name.”
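Ben-Itzhak's distinction between matching signatures and inspecting content is easy to see on a concrete page. The example below is added here and is not code from the post or from Finjan; the "known-bad" string it looks for is a constructed marker rather than a real indicator of compromise, and the four scripts are constructed samples, one plain and three that assemble the same string at runtime through the ordinary JavaScript tricks (split literals, `String.fromCharCode`, `unescape`). A byte-pattern signature only ever fires on the plain copy; a content inspector that folds those constructs statically, without executing the script, sees the same literal in all four and can also score the obfuscation itself as a signal.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed marker standing in for a known-bad string a signature engine would
# look for. It is a placeholder, not a real indicator of compromise.
SIGNATURE = b"dropper-marker-0001"


def signature_scan(content: bytes) -> bool:
    """What a byte-pattern signature engine does: look for the literal bytes."""
    return SIGNATURE in content


# Static folders for three common string-building constructs (heuristic, not a JS parser).
_FROMCHARCODE = re.compile(rb"String\.fromCharCode\(\s*([\d\s,]*)\)")
_UNESCAPE = re.compile(rb'unescape\(\s*"((?:%[0-9A-Fa-f]{2}|[^"%])*)"\s*\)')
_CONCAT = re.compile(rb'"([^"\\]*)"\s*\+\s*"([^"\\]*)"')
# Constructs whose mere presence raises the suspicion score of a page.
_INDICATORS = (rb"String\.fromCharCode", rb"unescape\(", rb"\beval\(")


def normalize(content: bytes) -> bytes:
    """Repeatedly fold fromCharCode(...), unescape("...") and "a" + "b" into plain
    literals until nothing changes, so the string the script would build at runtime
    becomes visible to a pattern match without running the script."""
    prev = None
    while prev != content:
        prev = content
        content = _FROMCHARCODE.sub(
            lambda m: b'"' + bytes(int(n) & 0xFF for n in m.group(1).split(b",") if n.strip()) + b'"',
            content,
        )
        content = _UNESCAPE.sub(lambda m: b'"' + unquote_to_bytes(m.group(1)) + b'"', content)
        content = _CONCAT.sub(lambda m: b'"' + m.group(1) + m.group(2) + b'"', content)
    return content


def content_inspection(content: bytes) -> dict:
    """Inspect the content itself: match after normalisation, and count obfuscation
    indicators in the original so heavy obfuscation is a finding in its own right."""
    indicators = sum(len(re.findall(p, content)) for p in _INDICATORS)
    return {"hit": SIGNATURE in normalize(content), "obfuscation_indicators": indicators}


# Constructed samples: the same literal written plainly and in three disguised forms.
SAMPLES = {
    "plain": b'var s = "dropper-marker-0001"; run(s);',
    "split": b'var s = "dropper-" + "marker-" + "0001"; run(s);',
    "charcode": b"var s = String.fromCharCode("
    + b",".join(str(c).encode() for c in SIGNATURE)
    + b"); run(s);",
    "escaped": b'var s = unescape("' + b"".join(b"%%%02X" % c for c in SIGNATURE) + b'"); run(s);',
}


def scan_all() -> dict:
    """Run both approaches over every sample and return the verdicts side by side."""
    return {name: {"signature": signature_scan(c), **content_inspection(c)} for name, c in SAMPLES.items()}


if __name__ == "__main__":
    for name, r in scan_all().items():
        print(f"{name:9} signature={r['signature']!s:5} inspected={r['hit']!s:5} "
              f"indicators={r['obfuscation_indicators']}")
```

The folding here is deliberately narrow (three constructs, no parser) to keep the mechanism visible; a production inspector would normalise far more, and the indicator count is only useful as one feature among many, since plenty of legitimate libraries use `fromCharCode`. The lesson that survives the simplification is the one in the quote: a filter that only compares raw bytes or domain names against a list is beaten by trivial rewriting, while one that looks at what the content does, or would do, is not.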


The 24-year-old software that is still going strong

By Davey Winder in Editorial

Posted in Blog on December 2, 2007 at 12:11 pm


To be honest with you, I really cannot think of many pieces of software that could still be thought of as usable some 24 years after the first version hit the desktop. Even MS Windows can only claim a 22 year history, with Windows 1.0 hitting the streets in 1985. Yet November 30th 2007 was, indeed, the official 24th birthday of BrainStorm.

Obviously the software has moved forwards over the years; indeed, a new version was announced as a kind of birthday present to the many loyal users, but while the look and feel may have changed the basic principles have not. BrainStorm remains a knowledge organiser at heart, aptly enough embracing another even older concept: mind mapping.

Hands up all you children of the sixties who recall pop psychologist Tony Buzan? He was the chap who came up with the idea of mind mapping in the seventies, bringing the left and right sides of the brain together in order to create a cognitive map. Think of a dynamic table of contents that folds and links in a totally non-linear fashion, merging the logical analysis of the left and the creative colourings of the right hemisphere inside your head.

So why has BrainStorm survived the decades when just about every other mind mapping incarnation has crashed and burned along the software road to hell? Dare I say it could be because the programmers behind the thing, David Tebbutt and Marck Pearlstone, understood back in 1983 and have continued to appreciate the importance of keeping it simple even within the confines of complex thought planning software? I think so. Whereas just about every other bit of mind mapping software has taken a highly graphical approach to the concept, BrainStorm has stuck to its text-only guns. As a result you end up with something which the Buzan purists will, no doubt, cry is not mind mapping at all. They could be right, but it doesn’t matter a jot because what it is happens to be even better: a combination of mind mapper and outliner which takes a more cerebral rather than visual approach to problem solving and knowledge planning.

Keep it simple works for me, certainly when anything related to my brainpower is concerned. A belated happy 24th birthday, then, to the grand old man of the software world…
